{"id":3892,"date":"2026-03-24T19:16:23","date_gmt":"2026-03-24T18:16:23","guid":{"rendered":"https:\/\/hinakuu.xyz\/?p=3892"},"modified":"2026-04-11T13:55:30","modified_gmt":"2026-04-11T11:55:30","slug":"injection-sql","status":"publish","type":"post","link":"https:\/\/hinakuu.xyz\/?p=3892","title":{"rendered":"SQL Injection"},"content":{"rendered":"\n<p>An <strong>SQL injection<\/strong> is a hacking technique that consists of <strong>inserting malicious SQL code<\/strong> into a query sent to a database, usually via a form or a URL.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"509\" height=\"720\" src=\"https:\/\/hinakuu.xyz\/wp-content\/uploads\/2026\/03\/InjectionSQL.gif\" alt=\"\" class=\"wp-image-3906\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd0e Basic principle<\/h3>\n\n\n\n<p>When a website asks for information (e.g. username + password), it often builds an SQL query such as:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT * FROM utilisateurs WHERE nom = 'admin' AND mot_de_passe = '1234';\n<\/code><\/pre>\n\n\n\n<p>\ud83d\udc49 If the site is poorly secured, an attacker can enter something like:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>admin' OR '1'='1\n<\/code><\/pre>\n\n\n\n<p>Which gives:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT * FROM utilisateurs WHERE nom = 'admin' OR '1'='1';\n<\/code><\/pre>\n\n\n\n<p>\ud83d\udca5 Result: the condition is always true \u2192 the attacker can log in <strong>without a password<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u26a0\ufe0f Why is it dangerous?<\/h3>\n\n\n\n<p>An SQL injection can allow an attacker to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>access accounts without authorization<\/li>\n\n\n\n<li>steal data (passwords, personal information)<\/li>\n\n\n\n<li>modify or delete data<\/li>\n\n\n\n<li>sometimes take complete control of the server<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udee1\ufe0f How to protect against it?<\/h3>\n\n\n\n<p>Developers use several techniques:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>prepared statements (parameterized queries)<\/strong> \u2705 (the best solution)<\/li>\n\n\n\n<li>validation and filtering of user input<\/li>\n\n\n\n<li>use of an ORM (such as Django ORM or Hibernate)<\/li>\n\n\n\n<li>restricting database permissions<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\udde0 Key points<\/h3>\n\n\n\n<p>\ud83d\udc49 An SQL injection exploits poor handling of user input<br>\ud83d\udc49 It is one of the best-known and most dangerous security flaws<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/mega.nz\/file\/adF2zZQa#r52xCXPr2c9bULjwPd3_PU7oTKPS0NuZIxWKzTaXP1o\" target=\"_blank\" rel=\"noreferrer noopener\">SQL Injection Lab 1<\/a><\/div>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/mega.nz\/file\/nRMjhKSY#VJwQQe7Bc__TDPriOH1DhIRX8oitRZ5S26kFDy62qzs\" target=\"_blank\" rel=\"noreferrer noopener\">SQL Injection Lab 2<\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>An SQL injection is a hacking technique that consists of inserting malicious SQL code into<\/p>\n","protected":false},"author":1,"featured_media":3893,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,1],"tags":[],"class_list":["post-3892","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-non-classe"],"_links":{"self":[{"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/posts\/3892","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3892"}],"version-history":[{"count":5,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/posts\/3892\/revisions"}],"predecessor-version":[{"id":3909,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/posts\/3892\/revisions\/3909"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/media\/3893"}],"wp:attachment":[{"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3892"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3892"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}